From 3a97322b6b402485ae5ef7102486803e3a3583af Mon Sep 17 00:00:00 2001
From: Pierre Riteau
Date: Fri, 6 Sep 2024 17:13:14 +0200
Subject: [PATCH] Fix CVE-2024-44082 / OSSA-2024-003

Fixes CVE-2024-44082 [1] with updated container images for Ironic services. Note that Ironic Python Agent images also need to be updated to fully fix this vulnerability. If this is not possible, a new configuration option ``[conductor]conductor_always_validates_images`` is available. See the OSSA-2024-003 announcement [2] for more details.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-44082
[2] https://security.openstack.org/ossa/OSSA-2024-003.html
---
 etc/kayobe/kolla-image-tags.yml | 3 +++
 .../notes/fix-cve-2024-44082-122ef225f674d864.yaml | 12 ++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 releasenotes/notes/fix-cve-2024-44082-122ef225f674d864.yaml

diff --git a/etc/kayobe/kolla-image-tags.yml b/etc/kayobe/kolla-image-tags.yml
index 2abd37c07..9a6c89aa3 100644
--- a/etc/kayobe/kolla-image-tags.yml
+++ b/etc/kayobe/kolla-image-tags.yml
@@ -14,6 +14,9 @@ kolla_image_tags:
 ubuntu-jammy: 2023.1-ubuntu-jammy-20240701T123544
 haproxy_ssh:
 ubuntu-jammy: 2023.1-ubuntu-jammy-20240509T102329
+ ironic:
+ rocky-9: 2023.1-rocky-9-20240906T144646
+ ubuntu-jammy: 2023.1-ubuntu-jammy-20240906T144646
 kolla_toolbox:
 rocky-9: 2023.1-rocky-9-20240809T102431
 letsencrypt:
diff --git a/releasenotes/notes/fix-cve-2024-44082-122ef225f674d864.yaml b/releasenotes/notes/fix-cve-2024-44082-122ef225f674d864.yaml
new file mode 100644
index 000000000..3066b0758
--- /dev/null
+++ b/releasenotes/notes/fix-cve-2024-44082-122ef225f674d864.yaml
@@ -0,0 +1,12 @@
+---
+security:
+ - |
+ Fixes `CVE-2024-44082
+ `_ with updated
+ container images for Ironic services. Note that Ironic Python Agent images
+ also need to be updated to fully fix this vulnerability. If this is not
+ possible, a new configuration option
+ ``[conductor]conductor_always_validates_images`` is available. See the
+ `OSSA-2024-003 description
+ `_ for more
+ details.